This opportunity is closed for applications.
The deadline was Friday 11 January 2019 at 6PM (in Canberra)
Australian Electoral Commission
RFQ: Cyber Security Monitoring Design and Deployment (AEC 18-717)
Important dates
- Opportunity ID
- 1956
- Deadline for asking questions
- Friday 4 January 2019 at 6PM (in Canberra)
- Closing date for applications
- Friday 11 January 2019 at 6PM (in Canberra)
- Published
- Friday 14 December 2018
Overview
-
Write a summary of your brief The AEC is seeking expressions of interest from vendors capable of providing a short-term, event based security monitoring of internal AEC systems, via the provision of a 24x7 Security Operations Centre (SOC). -
What is the latest start date? -
1/2/2019 -
How long is the contract? Until the end of the 2019 Federal Election -
Where can the work take place? -
Australian Capital Territory -
Who will the specialist work for? -
Australian Electoral Commission -
Budget range
About the work
-
Why is the work being done? The AEC is seeking expressions of interest from vendors capable of providing a short-term, event based security monitoring of internal AEC systems, via the provision of a 24x7 Security Operations Centre (SOC). -
What's the key problem you need to solve? Design and implement a monitoring capability (by end of January 2019) to i. detect and identify common or generic system or network compromises or compromise attempts against the AEC’s systems; and
ii. detect and identify defined specific compromise attempts against electoral systems.
Provide a monitoring services as follows:
i. From the announcement of the election until the declaration of the results of the election (anticipated total period of 8 to 10 weeks), a live alerting system for significant events, plus at least daily review of log files;
ii. On Close of Rolls day; continuous “eyes-on” monitoring from 8am (East Coast) to Close of Rolls 8pm (West Coast), with a SOC liaison located at 50 Marcus Clarke Street, Canberra during this time;
iii. From three days prior to the election (7am Wednesday), until two days after the election (5pm Monday); continuous 24 hour “eyes-on” monitoring
-
Describe the users and their needs Refer to full RFQ. Please request the full RFQ by email to itsa@aec.gov.au -
What work has already been done? -
Who will the work be done with? IT Security team External suppliers of IT solutions to the AEC
-
Any additional relevant information? Respondents must obtain the full RFQ and respond to the requirements as detailed in it. -
What phase is the work in? -
Live
Work setup
-
Where will the work take place? 50 Marcus Clarke St Canberra
-
What are the working arrangements? As per RFQ -
Is security clearance required? Staff with access to AEC log data must have at least Baseline clearance
Additional information
-
Additional terms and conditions CLOSING DATE FOR FULL PROPOSAL WILL BE 11 January 2019. Respondents are asked to:
1) email itsa@aec.gov.au to request the full RFQ
2) submit your full proposal via email to itsa@aec.gov.au before 18:00 AEDT 11 January 2019.
Skills and experience
Buyers will use the essential and nice-to-have skills and experience to help them evaluate sellers’ technical competence.
-
Essential skills and experience -
- have experience designing a SIEM for collecting and analysing log files
- have resources to deliver the project outcome within the required timeframe
- have nominated staff with the necessary technical skills to deliver the project outcome
-
Nice-to-have skills and experience -
provide evidence of experience with operating a Security Operations Centre
How sellers will be evaluated
-
How many shortlisted sellers will you evaluate? -
12 -
Proposal criteria -
- Technical solution
- Value for money
- Estimated timeframes
- Approach and methodology
- Quality of nominated personnel
- Supplier's risk management processes
- Experience in delivering similar solutions
-
Cultural fit criteria -
- Work as a team with our organisation and other suppliers
- Transparent and collaborative when making decisions
- Understanding of electoral processes and principles
-
Payment approach -
Fixed price -
Assessment methods -
- Written proposal
- Work history
- Reference
-
Evaluation weighting -
Technical competence
50%Cultural fit
20%Price
30%
Seller questions
| Seller question | Buyer answer |
|---|---|
| 1. Please confirm due date for delivery of solution. 8b in the RFQ states end March 2019, the brief summary states end January 2019 | The discrepancy between 8b) and the summary is an error. End March 2019 is the correct and planned delivery date for a May 2019 federal election and is the date that suppliers should be working towards. Should an election be called for earlier than end March 2019, the AEC will seek to negotiate an earlier delivery date with the successful supplier |
| 2. Must all log files remain in Australia, or can an overseas solution be proposed? | Log files containing PII must remain in Australia. Other log files that do not contain PII could potentially be analysed by an overseas SOC, the AEC will perform a risk assessment considering factors such as location, security of facilities, personnel involved (clearances), etc., to determine if an overseas solution is acceptable, on a case-by-case basis. |
| 3. What classification is the data on the network? | All AEC data and systems that this RFQ pertains to is Unclassified DLM. |
| 4. Who is responsible for carrying out incident response post triage? | AEC will log a case internally and handle incident response post-triage. |
| 5. Does the AEC have a full list of logs to be ingested and analysed? | This is presently being compiled and will be made available to the successful supplier. However, it is expected that workshopping during the design phase will discover additional logs required. |
| 6. Where is the AEC Data Centre? | AEC has two data centres, both hosted in Canberra in commercial data centre space (Unclassified DLM) |
| 7. Is there a prescribed format for the response? | No. Suppliers are free to respond in any format they wish. |
| 8. Can the due date of 11 January 2019 be extended? | Unfortunately, no extensions are possible. |
| 9. Is it still necessary to respond via the Marketplace using their template response in addition to the full proposal sent by email? | No. When the brief was first released, there was a technical issue with closing dates in the Marketplace which has been overcome. There is no need to respond via the Marketplace. Full proposals should be submitted to itsa@aec.gov.au |
| 10. In what network is the current AEC Splunk deployment located and what are the technical specifications of the server/s involved? | The existing Splunk deployment is an on-premise deployment and is located in the AEC Production network, at the primary data centre in Canberra. It runs on a cluster of four indexers and a search head (HP Blades). Technical specifications are not immediately at hand due to staff absences, however, the system performs at close to capacity currently. This response will be updated with specifications upon return of system engineers. |
| 11. The RFQ nominates a delivery date of end March 2019. What if an early election is called for March? | In the event that an election is called for March, the AEC would seek to renegotiate contract delivery dates and costs with the successful respondent. |
Interested in this opportunity?
Before you can apply for this opportunity, you need to:
- Register to join the Marketplace.
- Submit a case study and pricing and check your documents are up-to-date.
- Request an assessment of your chosen case study.